<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
    <title>Zend_OpenId_Provider - Zend Framework Manual</title>

    <link href="../css/shCore.css" rel="stylesheet" type="text/css" />
    <link href="../css/shThemeDefault.css" rel="stylesheet" type="text/css" />
    <link href="../css/styles.css" media="all" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Zend Framework</h1>
<h2>Programmer's Reference Guide</h2>
<ul>
    <li><a href="../en/zend.openid.provider.html">Inglês (English)</a></li>
    <li><a href="../pt-br/zend.openid.provider.html">Português Brasileiro (Brazilian Portuguese)</a></li>
</ul>
<table width="100%">
    <tr valign="top">
        <td width="85%">
            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.openid.consumer.html">Zend_OpenId_Consumer Basics</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.openid.html">Zend_OpenId</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.paginator.html">Zend_Paginator</a></div>
                    </td>
                </tr>
            </table>
<hr />
<div id="zend.openid.provider" class="section"><div class="info"><h1 class="title">Zend_OpenId_Provider</h1></div>
    

    <p class="para">
        <span class="classname">Zend_OpenId_Provider</span> can be used to implement OpenID
        servers. This chapter provides examples that demonstrate how to
        build a very basic server. However, for implementation of a production OpenID
        server (such as <a href="http://www.myopenid.com" class="link external">&raquo; www.myopenid.com</a>) you
        may have to deal with more complex issues.
    </p>

    <div class="section" id="zend.openid.provider.start"><div class="info"><h1 class="title">Quick start</h1></div>
        

        <p class="para">
            The following example includes code for creating a user account
            using <span class="classname">Zend_OpenId_Provider::register</span>. The link element with
            <strong class="command">rel=&quot;openid.server&quot;</strong> points to our own server script. If you
            submit this identity to an OpenID-enabled site, it will perform
            authentication on this server.
        </p>

        <p class="para">
            The code before the &lt;html&gt; tag is just a trick that automatically
            creates a user account. You won&#039;t need such code when using real
            identities.
        </p>

        <div class="example" id="zend.openid.provider.example-1"><div class="info"><p><b>Example #1 The Identity</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
// Set up test identity
define(&quot;TEST_SERVER&quot;, Zend_OpenId::absoluteURL(&quot;example-8.php&quot;));
define(&quot;TEST_ID&quot;, Zend_OpenId::selfURL());
define(&quot;TEST_PASSWORD&quot;, &quot;123&quot;);
$server = new Zend_OpenId_Provider();
if (!$server-&gt;hasUser(TEST_ID)) {
    $server-&gt;register(TEST_ID, TEST_PASSWORD);
}
?&gt;
&lt;html&gt;&lt;head&gt;
&lt;link rel=&quot;openid.server&quot; href=&quot;&lt;?php echo TEST_SERVER;?&gt;&quot; /&gt;
&lt;/head&gt;&lt;body&gt;
&lt;?php echo TEST_ID;?&gt;
&lt;/body&gt;&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            The following identity server script handles two kinds of requests
            from OpenID-enabled sites (for association and authentication). Both of
            them are handled by the same method:
            <span class="classname">Zend_OpenId_Provider::handle</span>. The two arguments to the
            <span class="classname">Zend_OpenId_Provider</span> constructor are <acronym class="acronym">URL</acronym>s of
            login and trust pages, which ask for input from the end user.
        </p>

        <p class="para">
            On success, the method <span class="classname">Zend_OpenId_Provider::handle</span>
            returns a string that should be passed back to the OpenID-enabled site. On
            failure, it returns <b><tt>FALSE</tt></b>. This example will return an
            <acronym class="acronym">HTTP</acronym> 403 response if
            <span class="classname">Zend_OpenId_Provider::handle</span> fails. You will get this response if
            you open this script with a web browser, because it sends a non-OpenID conforming
            request.
        </p>

        <div class="example" id="zend.openid.provider.example-2"><div class="info"><p><b>Example #2 Simple Identity Provider</b></p></div>
            

            <pre class="programlisting brush: php">
$server = new Zend_OpenId_Provider(&quot;example-8-login.php&quot;,
                                   &quot;example-8-trust.php&quot;);
$ret = $server-&gt;handle();
if (is_string($ret)) {
    echo $ret;
} else if ($ret !== true) {
    header(&#039;HTTP/1.0 403 Forbidden&#039;);
    echo &#039;Forbidden&#039;;
}
</pre>

        </div>

        <blockquote class="note"><p><b class="note">Note</b>: 
            <p class="para">
                It is a good idea to use a secure connection (HTTPS) for these scripts-
                especially for the following interactive scripts- to prevent password
                disclosure.
            </p>
        </p></blockquote>

        <p class="para">
            The following script implements a login screen for an identity
            server using <span class="classname">Zend_OpenId_Provider</span> and redirects to this page when
            a required user has not yet logged in. On this page, a user will enter his password
            to login.
        </p>

        <p class="para">
            You should use the password &quot;123&quot; that was used in the identity script above.
        </p>

        <p class="para">
            On submit, the script calls <span class="classname">Zend_OpenId_Provider::login</span>
            with the accepted user&#039;s identity and password, then redirects back
            to the main identity provider&#039;s script. On success, the
            <span class="classname">Zend_OpenId_Provider::login</span> establishes a session between the
            user and the identity provider and stores the information about
            the user, who is now logged in. All following requests from the same user won&#039;t
            require a login procedure- even if they come from another OpenID enabled
            web site.
        </p>

        <blockquote class="note"><p><b class="note">Note</b>: 
            <p class="para">
                Note that this session is between end-user and identity provider
                only. OpenID enabled sites know nothing about it.
            </p>
        </p></blockquote>

        <div class="example" id="zend.openid.provider.example-3"><div class="info"><p><b>Example #3 Simple Login Screen</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
$server = new Zend_OpenId_Provider();

if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;POST&#039; &amp;&amp;
    isset($_POST[&#039;openid_action&#039;]) &amp;&amp;
    $_POST[&#039;openid_action&#039;] === &#039;login&#039; &amp;&amp;
    isset($_POST[&#039;openid_identifier&#039;]) &amp;&amp;
    isset($_POST[&#039;openid_password&#039;])) {
    $server-&gt;login($_POST[&#039;openid_identifier&#039;],
                   $_POST[&#039;openid_password&#039;]);
    Zend_OpenId::redirect(&quot;example-8.php&quot;, $_GET);
}
?&gt;
&lt;html&gt;
&lt;body&gt;
&lt;form method=&quot;post&quot;&gt;
&lt;fieldset&gt;
&lt;legend&gt;OpenID Login&lt;/legend&gt;
&lt;table border=0&gt;
&lt;tr&gt;
&lt;td&gt;Name:&lt;/td&gt;
&lt;td&gt;
&lt;input type=&quot;text&quot;
       name=&quot;openid_identifier&quot;
       value=&quot;&lt;?php echo htmlspecialchars($_GET[&#039;openid_identity&#039;]);?&gt;&quot;&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Password:&lt;/td&gt;
&lt;td&gt;
&lt;input type=&quot;text&quot;
       name=&quot;openid_password&quot;
       value=&quot;&quot;&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&amp;nbsp;&lt;/td&gt;
&lt;td&gt;
&lt;input type=&quot;submit&quot;
       name=&quot;openid_action&quot;
       value=&quot;login&quot;&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/fieldset&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            The fact that the user is now logged in doesn&#039;t mean that the
            authentication must necessarily succeed. The user may decide not to trust
            particular OpenID enabled sites. The following trust screen allows the
            end user to make that choice. This choice may either be made only for current
            requests or forever. In the second case, information about
            trusted/untrusted sites is stored in an internal database, and all
            following authentication requests from this site will be handled
            automatically without user interaction.
        </p>

        <div class="example" id="zend.openid.provider.example-4"><div class="info"><p><b>Example #4 Simple Trust Screen</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
$server = new Zend_OpenId_Provider();

if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;POST&#039; &amp;&amp;
    isset($_POST[&#039;openid_action&#039;]) &amp;&amp;
    $_POST[&#039;openid_action&#039;] === &#039;trust&#039;) {

    if (isset($_POST[&#039;allow&#039;])) {
        if (isset($_POST[&#039;forever&#039;])) {
            $server-&gt;allowSite($server-&gt;getSiteRoot($_GET));
        }
        $server-&gt;respondToConsumer($_GET);
    } else if (isset($_POST[&#039;deny&#039;])) {
        if (isset($_POST[&#039;forever&#039;])) {
            $server-&gt;denySite($server-&gt;getSiteRoot($_GET));
        }
        Zend_OpenId::redirect($_GET[&#039;openid_return_to&#039;],
                              array(&#039;openid.mode&#039;=&gt;&#039;cancel&#039;));
    }
}
?&gt;
&lt;html&gt;
&lt;body&gt;
&lt;p&gt;A site identifying as
&lt;a href=&quot;&lt;?php echo htmlspecialchars($server-&gt;getSiteRoot($_GET));?&gt;&quot;&gt;
&lt;?php echo htmlspecialchars($server-&gt;getSiteRoot($_GET));?&gt;
&lt;/a&gt;
has asked us for confirmation that
&lt;a href=&quot;&lt;?php echo htmlspecialchars($server-&gt;getLoggedInUser());?&gt;&quot;&gt;
&lt;?php echo htmlspecialchars($server-&gt;getLoggedInUser());?&gt;
&lt;/a&gt;
is your identity URL.
&lt;/p&gt;
&lt;form method=&quot;post&quot;&gt;
&lt;input type=&quot;checkbox&quot; name=&quot;forever&quot;&gt;
&lt;label for=&quot;forever&quot;&gt;forever&lt;/label&gt;&lt;br&gt;
&lt;input type=&quot;hidden&quot; name=&quot;openid_action&quot; value=&quot;trust&quot;&gt;
&lt;input type=&quot;submit&quot; name=&quot;allow&quot; value=&quot;Allow&quot;&gt;
&lt;input type=&quot;submit&quot; name=&quot;deny&quot; value=&quot;Deny&quot;&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            Production OpenID servers usually support the Simple Registration
            Extension that allows consumers to request some information about the user from
            the provider. In this case, the trust page can be extended to allow
            entering requested fields or selecting a specific user profile.
        </p>
    </div>

    <div class="section" id="zend.openid.provider.all"><div class="info"><h1 class="title">Combined Provide Scripts</h1></div>
        

        <p class="para">
            It is possible to combine all provider functionality in one script. In
            this case login and trust <acronym class="acronym">URL</acronym>s are omitted, and
            <span class="classname">Zend_OpenId_Provider</span> assumes that they point to the same page
            with the additional &quot;openid.action&quot; <b><tt>GET</tt></b> argument.
        </p>

        <blockquote class="note"><p><b class="note">Note</b>: 
            <p class="para">
                The following example is not complete. It doesn&#039;t provide GUI code for
                the user, instead performing an automatic login and trust relationship instead.
                This is done just to simplify the example; a production server should include some
                code from previous examples.
            </p>
        </p></blockquote>

        <div class="example" id="zend.openid.provider.example-5"><div class="info"><p><b>Example #5 Everything Together</b></p></div>
            

            <pre class="programlisting brush: php">
$server = new Zend_OpenId_Provider();

define(&quot;TEST_ID&quot;, Zend_OpenId::absoluteURL(&quot;example-9-id.php&quot;));
define(&quot;TEST_PASSWORD&quot;, &quot;123&quot;);

if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;GET&#039; &amp;&amp;
    isset($_GET[&#039;openid_action&#039;]) &amp;&amp;
    $_GET[&#039;openid_action&#039;] === &#039;login&#039;) {
    $server-&gt;login(TEST_ID, TEST_PASSWORD);
    unset($_GET[&#039;openid_action&#039;]);
    Zend_OpenId::redirect(Zend_OpenId::selfUrl(), $_GET);
} else if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;GET&#039; &amp;&amp;
    isset($_GET[&#039;openid_action&#039;]) &amp;&amp;
    $_GET[&#039;openid_action&#039;] === &#039;trust&#039;) {
    unset($_GET[&#039;openid_action&#039;]);
    $server-&gt;respondToConsumer($_GET);
} else {
    $ret = $server-&gt;handle();
    if (is_string($ret)) {
        echo $ret;
    } else if ($ret !== true) {
        header(&#039;HTTP/1.0 403 Forbidden&#039;);
        echo &#039;Forbidden&#039;;
    }
}
</pre>

        </div>

        <p class="para">
            If you compare this example with previous examples split in to
            separate pages, you will see only the one
            difference besides the dispatch code:
             <span class="methodname">unset($_GET[&#039;openid_action&#039;])</span>. This call to
             <span class="methodname">unset()</span> is necessary to route the next request to main handler.
        </p>
    </div>

    <div class="section" id="zend.openid.provider.sreg"><div class="info"><h1 class="title">Simple Registration Extension</h1></div>
        

        <p class="para">
            Again, the code before the &lt;html&gt; tag is just a trick to demonstrate
            functionality. It creates a new user account and associates it with a profile (nickname
            and password). Such tricks aren&#039;t needed in deployed providers where end users register
            on OpenID servers and fill in their profiles. Implementing this GUI is out of scope for
            this manual.
        </p>

        <div class="example" id="zend.openid.provider.example-6"><div class="info"><p><b>Example #6 Identity with Profile</b></p></div>
            

            <pre class="programlisting brush: php">
&lt;?php
define(&quot;TEST_SERVER&quot;, Zend_OpenId::absoluteURL(&quot;example-10.php&quot;));
define(&quot;TEST_ID&quot;, Zend_OpenId::selfURL());
define(&quot;TEST_PASSWORD&quot;, &quot;123&quot;);
$server = new Zend_OpenId_Provider();
if (!$server-&gt;hasUser(TEST_ID)) {
    $server-&gt;register(TEST_ID, TEST_PASSWORD);
    $server-&gt;login(TEST_ID, TEST_PASSWORD);
    $sreg = new Zend_OpenId_Extension_Sreg(array(
        &#039;nickname&#039; =&gt;&#039;test&#039;,
        &#039;email&#039; =&gt; &#039;test@test.com&#039;
    ));
    $root = Zend_OpenId::absoluteURL(&quot;.&quot;);
    Zend_OpenId::normalizeUrl($root);
    $server-&gt;allowSite($root, $sreg);
    $server-&gt;logout();
}
?&gt;
&lt;html&gt;
&lt;head&gt;
&lt;link rel=&quot;openid.server&quot; href=&quot;&lt;?php echo TEST_SERVER;?&gt;&quot; /&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;?php echo TEST_ID;?&gt;
&lt;/body&gt;
&lt;/html&gt;
</pre>

        </div>

        <p class="para">
            You should now pass this identity to the OpenID-enabled web site (use the Simple
            Registration Extension example from the previous section), and it should use the
            following OpenID server script.
        </p>

        <p class="para">
            This script is a variation of the script in the &quot;Everything Together&quot; example. It uses
            the same automatic login mechanism, but doesn&#039;t contain any code for a trust
            page. The user already trusts the example scripts forever. This trust was
            established by calling the  <span class="methodname">Zend_OpenId_Provider::allowSite()</span>
            method in the identity script. The same method associates the profile with the trusted
            <acronym class="acronym">URL</acronym>. This profile will be returned automatically for a request from
            the trusted <acronym class="acronym">URL</acronym>.
        </p>

        <p class="para">
            To make Simple Registration Extension work, you must simply
            pass an instance of <span class="classname">Zend_OpenId_Extension_Sreg</span> as the second
            argument to the  <span class="methodname">Zend_OpenId_Provider::handle()</span> method.
        </p>

        <div class="example" id="zend.openid.provider.example-7"><div class="info"><p><b>Example #7 Provider with SREG</b></p></div>
            

            <pre class="programlisting brush: php">
$server = new Zend_OpenId_Provider();
$sreg = new Zend_OpenId_Extension_Sreg();

define(&quot;TEST_ID&quot;, Zend_OpenId::absoluteURL(&quot;example-10-id.php&quot;));
define(&quot;TEST_PASSWORD&quot;, &quot;123&quot;);

if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;GET&#039; &amp;&amp;
    isset($_GET[&#039;openid_action&#039;]) &amp;&amp;
    $_GET[&#039;openid_action&#039;] === &#039;login&#039;) {
    $server-&gt;login(TEST_ID, TEST_PASSWORD);
    unset($_GET[&#039;openid_action&#039;]);
    Zend_OpenId::redirect(Zend_OpenId::selfUrl(), $_GET);
} else if ($_SERVER[&#039;REQUEST_METHOD&#039;] == &#039;GET&#039; &amp;&amp;
    isset($_GET[&#039;openid_action&#039;]) &amp;&amp;
    $_GET[&#039;openid_action&#039;] === &#039;trust&#039;) {
   echo &quot;UNTRUSTED DATA&quot; ;
} else {
    $ret = $server-&gt;handle(null, $sreg);
    if (is_string($ret)) {
        echo $ret;
    } else if ($ret !== true) {
        header(&#039;HTTP/1.0 403 Forbidden&#039;);
        echo &#039;Forbidden&#039;;
    }
}
</pre>

        </div>
    </div>

    <div class="section" id="zend.openid.provider.else"><div class="info"><h1 class="title">Anything Else?</h1></div>
        

        <p class="para">
            Building OpenID providers is much less common than building
            OpenID-enabled sites, so this manual doesn&#039;t cover all
            <span class="classname">Zend_OpenId_Provider</span> features exhaustively, as was done for
            <span class="classname">Zend_OpenId_Consumer</span>.
        </p>

        <p class="para">
            To summamize, <span class="classname">Zend_OpenId_Provider</span> contains:
        </p>

        <ul class="itemizedlist">
            <li class="listitem">
                <p class="para">
                    A set of methods to build an end-user GUI that allows
                    users to register and manage their trusted sites and profiles
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    An abstract storage layer to store information about users,
                    their sites and their profiles. It also stores associations between
                    the provider and OpenID-enabled sites. This layer is very similar
                    to that of the <span class="classname">Zend_OpenId_Consumer</span> class. It also uses
                    file storage by default, but may used with another backend.
                </p>
            </li>

            <li class="listitem">
                <p class="para">
                    An abstract user-association layer that may associate
                    a user&#039;s web browser with a logged-in identity
                </p>
            </li>
        </ul>

        <p class="para">
            The <span class="classname">Zend_OpenId_Provider</span> class doesn&#039;t attempt to cover all
            possible features that can be implemented by OpenID servers, e.g. digital
            certificates, but it can be extended easily using
            <span class="classname">Zend_OpenId_Extension</span>s or by standard object-oriented extension.
        </p>
    </div>
</div>
        <hr />

            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.openid.consumer.html">Zend_OpenId_Consumer Basics</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.openid.html">Zend_OpenId</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.paginator.html">Zend_Paginator</a></div>
                    </td>
                </tr>
            </table>
</td>
        <td style="font-size: smaller;" width="15%"> <style type="text/css">
#leftbar {
	float: left;
	width: 186px;
	padding: 5px;
	font-size: smaller;
}
ul.toc {
	margin: 0px 5px 5px 5px;
	padding: 0px;
}
ul.toc li {
	font-size: 85%;
	margin: 1px 0 1px 1px;
	padding: 1px 0 1px 11px;
	list-style-type: none;
	background-repeat: no-repeat;
	background-position: center left;
}
ul.toc li.header {
	font-size: 115%;
	padding: 5px 0px 5px 11px;
	border-bottom: 1px solid #cccccc;
	margin-bottom: 5px;
}
ul.toc li.active {
	font-weight: bold;
}
ul.toc li a {
	text-decoration: none;
}
ul.toc li a:hover {
	text-decoration: underline;
}
</style>
 <ul class="toc">
  <li class="header home"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="reference.html">Zend Framework Reference</a></li>
  <li class="header up"><a href="zend.openid.html">Zend_OpenId</a></li>
  <li><a href="zend.openid.introduction.html">Introduction</a></li>
  <li><a href="zend.openid.consumer.html">Zend_OpenId_Consumer Basics</a></li>
  <li class="active"><a href="zend.openid.provider.html">Zend_OpenId_Provider</a></li>
 </ul>
 </td>
    </tr>
</table>

<script type="text/javascript" src="../js/shCore.js"></script>
<script type="text/javascript" src="../js/shAutoloader.js"></script>
<script type="text/javascript" src="../js/main.js"></script>

</body>
</html>